[lxc/lxc] d66349: meson: Generate compile commands by iterating over...

0 views
Skip to first unread message

Christian Brauner

unread,
Jul 25, 2022, 6:13:07 PMJul 25
to lxc-...@lists.linuxcontainers.org
Branch: refs/heads/stable-5.0
Home: https://github.com/lxc/lxc
Commit: d663495eeb792c97fcb63d9e52914604a4a73b16
https://github.com/lxc/lxc/commit/d663495eeb792c97fcb63d9e52914604a4a73b16
Author: Petr Malat <o...@malat.biz>
Date: 2022-07-25 (Mon, 25 Jul 2022)

Changed paths:
M src/lxc/tools/meson.build

Log Message:
-----------
meson: Generate compile commands by iterating over an array

This makes it possible to add a new command without updating multiple
places in the meson file.

Signed-off-by: Petr Malat <o...@malat.biz>


Commit: 28726f215084391c398873125e29512ec5b21a2b
https://github.com/lxc/lxc/commit/28726f215084391c398873125e29512ec5b21a2b
Author: Raphael Isemann <teem...@gmail.com>
Date: 2022-07-25 (Mon, 25 Jul 2022)

Changed paths:
M src/lxc/caps.h

Log Message:
-----------
Fix uninitialized read in parse_cap when libcap is not used

fuzz-lxc-cgroup-init currently fails for me with the input
```
lxc.cap.keep=0
```

with this report:

```
==640655==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x833c77 in parse_cap /src/lxc/san_build/../src/lxc/conf.c:3161:6
#1 0xaa5fd6 in add_cap_entry /src/lxc/san_build/../src/lxc/confile.c:2462:9
#2 0x9eb69c in set_config_cap_keep /src/lxc/san_build/../src/lxc/confile.c:2503:8
#3 0x974a76 in parse_line /src/lxc/san_build/../src/lxc/confile.c:3115:9
#4 0xea8cac in lxc_file_for_each_line_mmap /src/lxc/san_build/../src/lxc/parse.c:123:9
#5 0x9700a1 in lxc_config_read /src/lxc/san_build/../src/lxc/confile.c:3192:9
#6 0x4a3b50 in LLVMFuzzerTestOneInput /src/lxc/san_build/../src/tests/fuzz-lxc-cgroup-init.c:40:8
#7 0x10556e3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#8 0x1041372 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#9 0x1046bbc in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
#10 0x106f7b2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#11 0x7ffff7bc00b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16
#12 0x420a9d in _start (/home/fuzzer/oss-fuzz/build/out/lxc/fuzz-lxc-cgroup-init+0x420a9d)

Uninitialized value was created by an allocation of 'last_cap' in the stack frame of function 'parse_cap'
#0 0x832e30 in parse_cap /src/lxc/san_build/../src/lxc/conf.c:3131
```

The reason is that without libcap we parse_cap ends up comparing two
uninitialized values. See the snippet below:

```
int parse_cap(const char *cap_name, __u32 *cap)
{
int ret;
unsigned int res;
__u32 last_cap;

[...]

ret = lxc_caps_last_cap(&last_cap); // NOTE: 1. Call here.
if (ret) // Not taken as dummy lxc_caps_last_cap returned 0.
return -1;

if ((__u32)res > last_cap) // last_cap is uninitialized.
return -1;

*cap = (__u32)res;
return 0;
}
```

Root cause seems to be that the dummy `lxc_caps_last_cap` returns 0 but
doesn't set the last_cap value. This patch just returns -1 as an error code
to avoid the uninitialized read.

Note: When reproducing the bug you need to compile with O0 and *not* with O1
otherwise you will not see the report.

Signed-off-by: Raphael Isemann <teem...@gmail.com>


Commit: cfcbdb75f061108021cb233d221e8496ac40c30e
https://github.com/lxc/lxc/commit/cfcbdb75f061108021cb233d221e8496ac40c30e
Author: Serge Hallyn <se...@hallyn.com>
Date: 2022-07-25 (Mon, 25 Jul 2022)

Changed paths:
M .github/workflows/build.yml
M .github/workflows/coverity.yml
M .github/workflows/sanitizers.sh
M .github/workflows/sanitizers.yml
M meson.build
M meson_options.txt
M src/lxc/cgroups/cgfsng.c
M src/lxc/commands.c
M src/lxc/commands.h
M src/lxc/conf.c
M src/lxc/conf.h
M src/tests/oss-fuzz.sh

Log Message:
-----------
use systemd dbus StartTransientUnit for unpriv cgroup2

If, when init'ing cgroups for a container start, we detect that we
are an unprivileged user on a unified-hierarchy-only system, then we
try to request systemd, through dbus api, to create a new scope for
us with delegation. Call the cgroup it creates for us P1. We then
create P1/init, move ourselves into there, so we can enable the
controllers for delegation to P1's children through P1/cgroup.subtree_control.

On attach, we try to request systemd attach us to the container's
scope. We can't do that ourselves in the normal case, as root owns
our login cgroups.

Create a new command api for the lxc monitor to tell lxc-attach the
systemd scope to which to attach.

Changelog:
* free cgroup_meta.systemd_scope in lxc_conf_free (Thanks Tycho)
* fix some indent
* address some (not all) of brauner's feedback

Signed-off-by: Serge Hallyn <se...@hallyn.com>


Commit: c3e648700db478dfe6b9839fb904cf214ca4930c
https://github.com/lxc/lxc/commit/c3e648700db478dfe6b9839fb904cf214ca4930c
Author: Marc E. Fiuczynski <mfiu...@akamai.com>
Date: 2022-07-25 (Mon, 25 Jul 2022)

Changed paths:
M src/lxc/confile.c

Log Message:
-----------
fix for issue 4026: set broadcast to 0.0.0.0 for /31 and /32

Signed-off-by: Marc E. Fiuczynski <mfiu...@akamai.com>


Commit: dcfd75bb41b555a151b3af9f0d1ed6e1bb5f9690
https://github.com/lxc/lxc/commit/dcfd75bb41b555a151b3af9f0d1ed6e1bb5f9690
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-07-25 (Mon, 25 Jul 2022)

Changed paths:
M src/lxc/conf.c

Log Message:
-----------
conf: log file descriptors on error during idmapped mount setup

Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>


Commit: e74fd55bcbead53a47ae76aaa8ae7c3d339596b6
https://github.com/lxc/lxc/commit/e74fd55bcbead53a47ae76aaa8ae7c3d339596b6
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-07-25 (Mon, 25 Jul 2022)

Changed paths:
M src/lxc/start.c

Log Message:
-----------
start: don't overwrite file descriptors during namespace preservation

Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>


Commit: ea4fd7f8536cd0cd4a3ba04cd27b1f20c5b136ba
https://github.com/lxc/lxc/commit/ea4fd7f8536cd0cd4a3ba04cd27b1f20c5b136ba
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-07-25 (Mon, 25 Jul 2022)

Changed paths:
M src/lxc/start.c

Log Message:
-----------
start: record inherited namespaces earlier to make it available for idmapped rootfs setup

Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>


Commit: 41f602361413bd9e04ce43d5bf262752e782896d
https://github.com/lxc/lxc/commit/41f602361413bd9e04ce43d5bf262752e782896d
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-07-25 (Mon, 25 Jul 2022)

Changed paths:
M src/lxc/conf.c

Log Message:
-----------
conf: fix append_ttyname()

We appended container_tty= and then used setenv(container_tty, ...)
resulting int container_tty=container_tty=.

Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>


Commit: 242289b6bbdf3b7f279fa61f990bbe89343804c3
https://github.com/lxc/lxc/commit/242289b6bbdf3b7f279fa61f990bbe89343804c3
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-07-25 (Mon, 25 Jul 2022)

Changed paths:
M src/lxc/start.c

Log Message:
-----------
start: fix namespace sharing

Fixes: #4134
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>


Commit: 31bff905ae5b3beabe9303b8c70595c1fbd0d4bd
https://github.com/lxc/lxc/commit/31bff905ae5b3beabe9303b8c70595c1fbd0d4bd
Author: Wolfgang Bumiller <w.bum...@proxmox.com>
Date: 2022-07-25 (Mon, 25 Jul 2022)

Changed paths:
M meson.build

Log Message:
-----------
add check for statvfs

we use HAVE_STATVFS in the code but with meson the check got
lost causing mount_entry to fail to remount some things such
as a bind mount of /dev/fuse via

lxc.mount.entry = /dev/fuse dev/fuse none bind,create=file 0 0

which would cause the following log messages:

DEBUG conf - ../src/lxc/conf.c:mount_entry:2416 - Remounting "/dev/fuse" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/fuse" to respect bind or remount options
ERROR conf - ../src/lxc/conf.c:mount_entry:2459 - Operation not permitted - Failed to mount "/dev/fuse" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/fuse"

note that the `Flags for ... were ...` line is not showing
up there, which depends on HAVE_STATVFS

Signed-off-by: Wolfgang Bumiller <w.bum...@proxmox.com>


Commit: da0f3564676aa154cb97101e47545cce336797dc
https://github.com/lxc/lxc/commit/da0f3564676aa154cb97101e47545cce336797dc
Author: srd424 <srd...@users.noreply.github.com>
Date: 2022-07-25 (Mon, 25 Jul 2022)

Changed paths:
M src/lxc/storage/overlay.c

Log Message:
-----------
Fix off-by-one error constructing mount options

This fixes a really subtle off-by-one error constructing overlay mount options if rootfs options are provided and modern overlayfs (i.e. requiring a workdir) is used. We need to allow for the extra "," required to separate the extra options when computing the length!

Signed-off-by: srd424 <srd...@users.noreply.github.com>


Commit: 00a79876b82e4cda74c76bddff07284af90ca7a7
https://github.com/lxc/lxc/commit/00a79876b82e4cda74c76bddff07284af90ca7a7
Author: srd424 <srd...@users.noreply.github.com>
Date: 2022-07-25 (Mon, 25 Jul 2022)

Changed paths:
M src/lxc/storage/overlay.c

Log Message:
-----------
Store mount options in correct variable

This was exposed by the fix in the previous commit.

Signed-off-by: srd424 <srd...@users.noreply.github.com>


Commit: d441ee58519c93782044cd174f937f7db80d3aab
https://github.com/lxc/lxc/commit/d441ee58519c93782044cd174f937f7db80d3aab
Author: Wolfgang Bumiller <w.bum...@proxmox.com>
Date: 2022-07-25 (Mon, 25 Jul 2022)

Changed paths:
M meson.build
M src/tests/meson.build

Log Message:
-----------
meson: add remaining still-in-use config checks

These are all still in use in the code but have not been
added to meson.build when switching over from autoconf.

Signed-off-by: Wolfgang Bumiller <w.bum...@proxmox.com>


Commit: c2ee9b440c92ad2367898c009b8eac30d9a37770
https://github.com/lxc/lxc/commit/c2ee9b440c92ad2367898c009b8eac30d9a37770
Author: Fabrice Fontaine <fontaine...@gmail.com>
Date: 2022-07-25 (Mon, 25 Jul 2022)

Changed paths:
M src/lxc/log.h

Log Message:
-----------
src/lxc/log.h: fix STRERROR_R_CHAR_P

STRERROR_R_CHAR_P is always defined to 0 or 1 depending on the value of
have_func_strerror_r_char_p in meson.build so replace #ifdef by #if to
avoid a redefinition build failure if char *strerror_r is not defined

Signed-off-by: Fabrice Fontaine <fontaine...@gmail.com>


Commit: aba631cd43e86f2b55f31c369b7f37392a34ae05
https://github.com/lxc/lxc/commit/aba631cd43e86f2b55f31c369b7f37392a34ae05
Author: Fabrice Fontaine <fontaine...@gmail.com>
Date: 2022-07-25 (Mon, 25 Jul 2022)

Changed paths:
M meson.build

Log Message:
-----------
meson.build: fix build with -Dcapabilities=false

Define libcap_static to an empty array to avoid the following build
failure with -Dcapabilities=false:

output/build/lxc-5.0.0/src/lxc/cmd/meson.build:64:4: ERROR: Unknown variable "libcap_static".

Signed-off-by: Fabrice Fontaine <fontaine...@gmail.com>


Commit: 315d4cec61513241334dfec708100501e08019f4
https://github.com/lxc/lxc/commit/315d4cec61513241334dfec708100501e08019f4
Author: Fabrice Fontaine <fontaine...@gmail.com>
Date: 2022-07-25 (Mon, 25 Jul 2022)

Changed paths:
M meson.build

Log Message:
-----------
meson.build: fix build without stack-protector

Move -fstack-protector-strong from possible_cc_flags to
possible_link_flags to avoid a build failure on toolchains without ssp

Signed-off-by: Fabrice Fontaine <fontaine...@gmail.com>


Commit: a1329fefec12755463d8d72b4c5c4f68a7b0134a
https://github.com/lxc/lxc/commit/a1329fefec12755463d8d72b4c5c4f68a7b0134a
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-07-25 (Mon, 25 Jul 2022)

Changed paths:
M README.md

Log Message:
-----------
README: update security mails

Reported-by: Serge Hallyn <se...@hallyn.com>
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>


Compare: https://github.com/lxc/lxc/compare/1f8c35572775...a1329fefec12
Reply all
Reply to author
Forward
0 new messages